
2.2: Cyber Security

Securing Life in Cyberspace

Other Information:

As the President’s May 2009 Cyberspace Policy Review notes, the Internet’s global fabric of near-instantaneous interconnectivity is at once transformative and fragile – beset by the unintended consequences of its multi-decade growth and survival in increasingly dangerous times.

Where we are now: The vast sea of information that flows over the Internet and is stored in Internet-connected systems mostly is not secure, nor are the networks and systems themselves. The basic openness and anonymity built into the Internet’s trust-based legacy architecture – combined with a seemingly endless assortment of hardware and software vulnerabilities in computing systems – are exploited around the clock by hackers, criminals, and U.S. adversaries. According to some experts, the networks of zombie attack computers called “botnets” today constitute the largest supercomputer in the world.

The lack of end-to-end security in cyberspace costs organizations in all sectors many billions of dollars annually; it also threatens major U.S. government objectives, such as reforming the health care system with the aid of health IT and stimulating economic innovation. Further, the interconnections of the Internet with critical infrastructures and systems (e.g., financial) provide vectors for potentially devastating cyber attacks. Currently, attackers have the upper hand (anonymity; stealth; rapidly shifting and increasingly damaging methods; asymmetric strength); defenders rely for the most part on a never-ending cycle of patching networks and systems, but this defends only against previously identified threats, not the constantly emerging new ones.

The Federal government has initiated high-priority efforts to improve coordination of cybersecurity R&D across Federal agencies, with the goals of better securing government information and networks and expanding collaboration with the private sector to address cybersecurity objectives. Because much of the digital infrastructure lies in the private sector, however, developing R&D partnerships and technology deployment strategies acceptable across sectors outside the Government presents complex challenges.

Research Needs: The goal of cybersecurity R&D must be to provide end-to-end security in networked environments. The immense dynamism and complexity of global networking make this goal a grand challenge for which there will be no single solution. Advances of many kinds are needed, in the policy and educational arenas as well as in diverse technologies. In addition to more inherently secure components, new methods for proactive approaches to improving cybersecurity must be pursued, such as dynamic security; stronger global-scale identity management; better situational awareness; new means of attack attribution and combating malware, botnets, and insider threats; enterprise-level security metrics for assessing the relative effectiveness of policies and techniques; cybersecurity education; and easy-to-use security techniques. One conceptual approach being advanced by the Federal cybersecurity community specifically focuses on ways to eliminate the cyber attacker’s advantage over the defender – for example, by employing dynamic virtualization to make attack targets much harder to pinpoint or by creating “tailored trustworthy spaces” on the Internet that provide elevated levels of security and privacy.
